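Huawei Router SSH Login Lab

Concepts

SSH stands for Secure Shell. The protocol was designed to replace remote management protocols that provide no confidentiality. SSH builds an encrypted channel on top of TCP and lets the client use the server's RSA public key to verify the identity of the SSHv2 server.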


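Create the key pair

Create a local key pair on the router that acts as the SSH server. In this example AR1 is the server and AR4 is the client.

A key pair consists of one public key and one private key: data encrypted with the public key is decrypted with the private key. The server gives its public key to the client, and once the client has encrypted data with that public key, only the server's private key can decrypt it, which keeps the data secure.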

 

[AR1]rsa local-key-pair create 
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
       It will take a few minutes.
Input the bits in the modulus[default = 512]:512
Generating keys...
.............++++++++++++
.++++++++++++
................................................................................
.................++++++++
.........++++++++


Enable the SSH server process

The SSH service is disabled on the router by default and has to be enabled manually.

[AR1]stelnet server enable 
Info: Succeeded in starting the STELNET server.


Change the inbound protocol on the VTY virtual interfaces

# The only authentication mode that SSH supports is aaa
[AR1]user-interface vty 0 4
[AR1-ui-vty0-4]authentication-mode aaa

# Change the inbound protocol accepted on the VTY interfaces to SSH
[AR1-ui-vty0-4]protocol inbound ssh


Configure the AAA parameters

# Create a user named user1 with the password huawei
[AR1]aaa     
[AR1-aaa]local-user user1 password cipher huawei
Info: Add a new user.

# Specify the protocol this user may use; it can only be ssh
[AR1-aaa]local-user user1 service-type ssh


Set the SSH authentication type

[AR1]ssh user user1 authentication-type ?
  all           All authentication, password or RSA
  password      Password authentication
  password-rsa  Both password and RSA
  rsa           RSA authentication
 
[AR1]ssh user user1 authentication-type password
 Authentication type setted, and will be in effect next time


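AR4 (client) connects to AR1 (server)

On the first connection attempt the system reports an error and tells the administrator to run "ssh client first-time enable" to turn on the first-time access function. Without this command the client cannot save the public key that the server sends to it, so the command is indispensable on the SSH client.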

[AR4]stelnet 192.168.28.1
Please input the username:user1
Trying 192.168.28.1 ...
Press CTRL+K to abort
Connected to 192.168.28.1 ...
Error: Failed to verify the server's public key.
Please run the command "ssh client first-time enable"to enable the first-time ac
cess function and try again.

# This attempt fails with an error

Enable SSH first-time access and connect to the SSH server

[AR4]ssh client first-time enable 
[AR4]stelnet 192.168.28.1
Please input the username:user1
Trying 192.168.28.1 ...
Press CTRL+K to abort
Connected to 192.168.28.1 ...
The server is not authenticated. Continue to access it? (y/n)[n]:y
Mar 28 2023 17:25:32-08:00 AR4 %%01SSH/4/CONTINUE_KEYEXCHANGE(l)[0]:The server h
ad not been authenticated in the process of exchanging keys. When deciding wheth
er to continue, the user chose Y. 
[AR4]
Save the server's public key? (y/n)[n]:y
The server's public key will be saved with the name 192.168.28.1. Please wait...

Mar 28 2023 17:25:34-08:00 AR4 %%01SSH/4/SAVE_PUBLICKEY(l)[1]:When deciding whet
her to save the server's public key 192.168.28.1, the user chose Y. 
[AR4]
Enter password:
<AR1>


Check the SSH status and SSH sessions

# On the server, view the SSH status: it shows the SSH version and whether the SSH functions are enabled
[AR1] display ssh server status 
 SSH version                         :1.99  
 SSH connection timeout              :60 seconds
 SSH server key generating interval  :0 hours
 SSH Authentication retries          :3 times
 SFTP Server                         :Disable
 Stelnet server                      :Enable     


# View the sessions
[AR1] display ssh server session 
 --------------------------------------------------------------------
 Conn   Ver   Encry     State  Auth-type        Username
 --------------------------------------------------------------------
 VTY 1  2.0   AES       run    password         user1                           
 --------------------------------------------------------------------
[AR1]
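
An added example, not part of the original post: a small Python audit that reads the CLI lines produced in this lab and flags the settings a production deployment would change (the 512-bit host key, the short local password, password-only authentication, first-time key trust on the client, and the 1.99 version banner). The check names and the thresholds `MIN_RSA_BITS` and `MIN_PW_LEN` are assumptions chosen for illustration, not Huawei values.

```python
import re

# Constructed sample: lines taken from the lab transcript on this page.
LAB = """\
Input the bits in the modulus[default = 512]:512
[AR1-aaa]local-user user1 password cipher huawei
[AR1]ssh user user1 authentication-type password
[AR4]ssh client first-time enable
 SSH version                         :1.99
"""

MIN_RSA_BITS = 2048  # assumption: local policy; 2048 is the top of the range the prompt offers
MIN_PW_LEN = 8       # assumption: local policy

# (check id, pattern, predicate on the match, advice); ids are hypothetical names
CHECKS = [
    ("WEAK_RSA", r"modulus\[default = (\d+)\]:\s*(\d*)",
     lambda m: int(m.group(2) or m.group(1)) < MIN_RSA_BITS,  # empty input = default
     "host key modulus below policy minimum; regenerate with a larger modulus"),
    ("WEAK_PASSWORD", r"local-user (\S+) password cipher (\S+)",
     lambda m: len(m.group(2)) < MIN_PW_LEN,
     "local-user password shorter than policy minimum"),
    ("PASSWORD_ONLY", r"ssh user (\S+) authentication-type password$",
     lambda m: True,
     "password-only login; the CLI help also lists rsa and password-rsa"),
    ("FIRST_TIME_TRUST", r"ssh client first-time enable$",
     lambda m: True,
     "server key is accepted unverified on first connect; compare it out of band"),
    ("SSH1_COMPAT", r"SSH version\s*:\s*1\.99$",
     lambda m: True,
     "1.99 advertises SSH 1.x compatibility (RFC 4253, section 5.1)"),
]

def audit(transcript):
    """Return [(check_id, line_no, advice)] for each risky line in a CLI transcript."""
    findings = []
    for no, raw in enumerate(transcript.splitlines(), 1):
        line = raw.strip()
        if re.search(r"\bundo\s", line):  # 'undo <cmd>' removes a setting, so skip it
            continue
        for cid, pat, risky, advice in CHECKS:
            m = re.search(pat, line)
            if m and risky(m):
                findings.append((cid, no, advice))
    return findings

if __name__ == "__main__":
    for cid, no, advice in audit(LAB):
        print(f"line {no}: {cid}: {advice}")
```
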
